
Privacy

Our take on privacy

It may sometimes seem a little cumbersome to read privacy statements. That is why I am glad that you are taking the time. 

We at ISMS Connect have no interest in collecting data from you that we don’t need to fulfill our service. See below what type of data we handle and why. Feel free to contact us any time with your questions regarding privacy.

– Christopher Eller, owner of ISMS Connect –

What we collect and why

Address data

If you order some of our services, the information you provide is used to process your order and write an invoice. As we offer subscriptions and user accounts, this information is retained as long as your account exists to allow reordering or renewing your subscription. Your IP address will be saved together with your order to protect us against fraud through incorrect orders.

Payment

We use the service provider “Stripe” to process your payment. They carry out a risk analysis based on the data entered. The processing of your payment and payment data is the responsibility of this provider. We use this provider to carry out SEPA and credit card payments because we were the target of fraudulent orders in the past. If you do not feel comfortable sharing your data with a third party for payment, you can contact us and we will set up a traditional bank transfer for you. In that case, you will pay us directly.

Customer Account

If you have an account, free or paid, you can access the information available to you by using the login data provided. You can use it to request renewal of the product or deletion of all your data. When you use our product, we will record your progress in the training courses in the Academy module to allow you to continue the course at any time where you left off. We also access this progress value in support cases to help understand where you have trouble. If the subscription you ordered expires, your account will not be automatically deleted, so that you can access free content and resume your subscription.

You also have the possibility to participate in the members’ forum under your name or send messages to other members. Your name, which can be pseudonymized or changed in the profile settings at any time, will appear in the platform for other users when they use the Academy, for example. Other users have the possibility to contact you under this name via chat.

You may want to invite your team members to your account. Invited team members will therefore also have a profile identified by their e-mail and password. They will also have a profile with public information (like a nickname) for the forum, just like your profile.

If someone reports fraudulent or aggressive behavior, we may look into the messages or posts that are the subject of those reports.

E-Mails

If you subscribe to the newsletter or an e-mail course on our website, we will store your address in our system in order to send you the corresponding e-mails. We delete these addresses as soon as you unsubscribe from the newsletter.

Video sessions

Occasionally we may invite customers to video sessions where problems or questions in customer projects are discussed. All customers that participate in those sessions are asked to keep shared information confidential. However, it’s still a public forum. If all participants agree, we may record these sessions and share them on the website with other customers.

Contacting us

If you contact us by e-mail or the contact forms provided, the information you provide will be stored in order to answer your request and help you with additional requests. 

If you use the contact bubble in the right corner, our service provider Helpscout will additionally receive your IP and the help articles you clicked, to help us link your request to your previous requests and to understand what problem you were facing.

Website interaction

In order to display our website, to ensure the stability and security of the site and to statistically evaluate visits, we collect the data your browser sends to us (IP address, time, browser version, operating system). Additionally, the contact form in the lower right corner is loaded directly from our service provider Helpscout when you call the site. Helpscout is a paid provider which operates under a contract with us.

To analyse the flow of visitors we use the tool “Matomo” which only saves an anonymised IP address (last block of the IP address is replaced by “0”), the browser used and the pages called up.  We operate this ourselves and are not dependent on third parties. The use of cookies for Matomo is deactivated.

For some sites, we analyze the usage with so-called “heat maps” in Matomo. These maps show us which area of the page is viewed most or which buttons are clicked most. For example, we can see that only a third of all visitors scroll to the end of a specific page. This data is aggregated across all visitors and does not allow analyzing the scroll or clicking behavior of single visitors.

We use a web application firewall to protect ourselves from attacks. This firewall uses a blacklist available on our server to ward off harmful attacks. If an attack is detected and blocked, the IP of the attacker is sent to the provider of this blacklist to improve it. The IP will be removed after 90 days by the provider if no further harmful behaviour originates from this IP.

Online advertising

We use the Google search engine to place advertisements that link to this page. Usually Google Analytics is integrated as a tracking script on websites to monitor the user’s session and measure how they behave. We don’t do so.

Although we do not use Google Analytics, we rely on measuring the success of the ads (“Which ad makes customers buy something?”). We have implemented a solution that protects you from Google Analytics and allows us to measure the success of ads.

When you visit us, your browser tells us roughly which ad you have clicked (e.g. “ISMS templates” or “Consulting”) through so-called “campaign tags” attached to the URL of the ad. We save that information along with the website interaction in “Matomo” to understand which ads are likely to fulfill expectations and which ads lead a user to leave immediately.

Also, when you click an ad, the ad URL contains a unique “Ads ID” or specific “gclid”. We collect this data for the time of your visit (“Session”), and only if you purchase something do we transfer this Ad ID back to Google Ads to mark the shown ad as successful. This transfer is done by our server and not your browser, so your information is masked. However, Google will collect your data when you use their search engine. If you access our site directly, and not via an advertisement, your purchase will not be recorded by Google in any way.

  • Further information on the use of data by Google, setting and objection options can be found in the Google data protection declaration (https://policies.google.com/privacy) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).

Cookies

Cookies are small text files that are stored by your web browser, e.g. with the contents of your shopping basket in the online shop. This information is sent back to us by your browser when you call up the website again, so that we can show your shopping basket or allow you to skip the login. All cookies we use are so-called “first party cookies”.

A distinction is made between “first party cookies” (cookies that come directly from our website) and “third party cookies” (cookies that come from a third party such as our web analysis service providers) – which are not used by us.

You can delete individual cookies or generally deactivate the use of cookies in your browser. Cookies have certain runtimes; after this time your browser automatically deletes them.

All cookies used are listed below. If a “*” is used, this means that there may be several cookies in your browser which start with the same character string and serve the same function.

General Information

Responsible Body

Christopher Eller IT-Beratung is responsible for the processing of data (in accordance with Art. 4 Para. 7 of the EU Data Protection Regulation (GDPR)). The contact details can be found in the imprint.

Your rights

As a user, you have the following rights with regard to your personal data:
Right to information, right to rectification or deletion, right to restriction of processing, right to object to processing, right to data portability, right to withdraw consent.

You have the right and the possibility to complain to a data protection supervisory authority about the processing of your personal data. If you have any problems with this website, please write us a message.

Service Providers

We commission service providers for individual services or functions of this website. These sub-processors are carefully chosen and bound by an order processing contract.

Details on what we collect

Below you find a detailed description of the legal basis for the data collected as well as the retention times.

Regarding retention: Please note that our system backups may contain your personal data. So if the retention time expires or you delete your account, it may take an additional 30 days until all information is completely gone from our backup systems.

Address data

Legal basis:

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (processing of the order)
  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest in protecting ourselves against fraud)

Retention: Until you delete your account. Please note that legal storage obligations may extend the period of time during which we store your data, because order data, especially invoices, must be retained for about 10 years. In this case, we will restrict the processing of the data and delete it after expiry of the obligation to retain it.

Payment

Legal basis:

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (processing of the order)
  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest in protecting ourselves against fraud)

Retention: Legal storage obligations may extend the period of time during which we store your data, because order data, especially invoices, must be retained for about 10 years. In this case, we will restrict the processing of the data and delete it after expiry of the obligation to retain it.

Customer Account

Legal basis:

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (provision of the forum, answering support requests)
  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest in protecting ourselves against fraud and moderating our forum)

Retention: As soon as you delete your customer account, we will delete your data from our systems.

E-Mails

Legal basis:

  • Art. 6 para. 1 lit. a) – Consent (By subscribing to the newsletter or e-mail offer via a form on the website)
  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (sending of update notifications or event notices within the framework of the product contract)

Retention: We delete your address from the mailing list as soon as you unsubscribe from the newsletter. If you are a customer and receive mails, we will flag your account accordingly so that you won’t receive mails in the future.

Video sessions

Legal basis:

  • Art. 6 para. 1 lit. a) – Consent (by accepting an invitation to one of these sessions or additionally agreeing to a recording of a session)

Retention: We keep no information on participants. If we record a session, we keep these recordings up to 10 years. If you object to the usage, we will happily remove parts of the clip where you are shown or heard so that you are not identifiable anymore.

Contacting us

Legal basis:

  • Art. 6 para. 1 lit. a) – Consent (by establishing contact on your part)
  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (if your request refers to an existing contract with us or if you wish to conclude a contract)
  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest to answer your request)

Retention: We keep all support inquiries up to 10 years to fulfill legal requirements on the retention of business letters, as support or general inquiries can lead to a contract.

Website interaction

Legal basis:

  • Art. 6 para. 1 lit. f) – Legitimate interest. Our legitimate interest:
    • to provide you with the requested website content.
    • to protect our website from attacks and to guarantee its technical operation.
    • to improve the function and accessibility of our website.

Retention: This data is stored beyond your visit for as long as it is necessary to ensure security functions such as protection against attacks. Matomo data is purged after 90 days. We will purge server and system logs after 5 years in any case.

Online advertising

Legal basis:

  • Art. 6 para. 1 lit. f) – Legitimate interest (Our legitimate interest to measure the success of our advertisements)

Retention: We delete the saved gclid after your session ends.

Details on Cookies

Below you find a detailed description of the purpose of each cookie as well as its runtime.

Essential cookies enable basic functions and are necessary for the proper functioning of the website. All cookies are essential for maintaining the correct function of the website and therefore are first-party cookies (delivered by our server).

woocommerce_cart_hash

Purpose: Helps our shop system to recognise whether the contents of the shopping basket have been changed.
Cookie runtime: Until session ends

woocommerce_items_in_cart

Purpose: Helps the webshop to recognise whether products are in the shopping basket.
Cookie runtime: Until session ends

wordpress_test_cookie

Purpose: The test cookie is used to determine whether your browser supports cookies when you log in to the site.
Cookie runtime: Until session ends

wp_woocommerce_session*

Purpose: A unique number helps the shop system to assign you to the correct shopping basket.
Cookie runtime: 2 days

wp-settings*

Purpose: Saves settings that you have stored on your user account, such as the preferred time zone or the colour scheme of the website.
Cookie runtime: 1 year

wordpress_logged_in_*

Purpose: Required to allow you to log in and use your account (if you have a user account).
Cookie runtime: 14 days

wordpress_sec_*

Purpose: Required to allow you to log in and use your account (if you have a user account).
Cookie runtime: 14 days

wfwaf-authcookie-*

Purpose: This cookie is used by the firewall to perform a capability check of the current user while the site is loading.
Cookie runtime: 12 hours

PHPSESSID

Purpose: Allows us to recognise a user between site loading events to serve the correct content.
Cookie runtime: Until session ends

beacon_docs_session_id

Purpose: Allows us to identify a user in a session for our support & contact widget in the right corner and to link multiple support requests.
Cookie runtime: Until session ends

beacon_docs_visit_cookie

Purpose: This cookie is used to build a timeline of the help articles visited, so that when you send a support inquiry, we can understand what led you to it.
Cookie runtime: Until session ends